Types of ip acls, Acl ids and entries – Brocade TurboIron 24X Series Configuration Guide User Manual


898    Brocade TurboIron 24X Series Configuration Guide    53-1003053-01

ACL overview

Rule-based ACLs program the ACL entries you assign to an interface into Content Addressable
Memory (CAM) space allocated for the ports. The ACLs are programmed into hardware at startup
(or as new ACLs are entered and bound to ports). Devices that use rule-based ACLs program the
ACLs into the CAM entries and use these entries to permit or deny packets in the hardware, without
sending the packets to the CPU for processing.

Rule-based ACLs are supported on the following interface types:

• Gbps Ethernet ports
• 10 Gbps Ethernet ports
• Trunk groups
• Virtual routing interfaces

Types of IP ACLs

You can configure the following types of IP ACLs:

• Standard – Permits or denies packets based on source IP address. Valid standard ACL IDs are 1 – 99 or a character string.
• Extended – Permits or denies packets based on source and destination IP address and also based on IP protocol information. Valid extended ACL IDs are a number from 100 – 199 or a character string.

ACL IDs and entries

ACLs consist of ACL IDs and ACL entries:

• ACL ID – An ACL ID is a number from 1 – 99 (for a standard ACL) or 100 – 199 (for an extended ACL) or a character string. The ACL ID identifies a collection of individual ACL entries. When you apply ACL entries to an interface, you do so by applying the ACL ID that contains the ACL entries to the interface, instead of applying the individual entries to the interface. This makes applying large groups of access filters (ACL entries) to interfaces simple. Refer to “Numbered and named ACLs” on page 899.

NOTE

This is different from IP access policies. If you use IP access policies, you apply the individual
policies to interfaces.

• ACL entry – Also called an ACL rule, this is a filter command associated with an ACL ID. The maximum number of ACL rules you can configure is a system-wide parameter and depends on the device you are configuring. You can configure up to the maximum number of entries in any combination in different ACLs. The total number of entries in all ACLs cannot exceed the system maximum, listed in Table 140.

The device supports a maximum of 1015 ACL entries per ACL.

TABLE 140    Maximum number of ACL entries

System                      Maximum ACL rules per port region    Maximum ACL entries per system
Layer 2 or Layer 3 Switch   1534                                 1534
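A pre-change check that applies the limits stated on this page (standard IDs 1 – 99, extended IDs 100 – 199 or a name string, at most 1015 entries per ACL, at most 1534 entries per system from Table 140) to a planned set of ACLs before they are bound to ports. This is an added example, not Brocade code; the plan format and the choice to reject all-digit strings as names are assumptions of the example.

```python
"""Capacity and ID-range check for planned rule-based IP ACLs.
Limits are those stated on this page; the input format is constructed."""
from typing import Dict, List, Union

MAX_ENTRIES_PER_ACL = 1015     # per-ACL limit stated on this page
MAX_ENTRIES_PER_SYSTEM = 1534  # Table 140, Layer 2 or Layer 3 Switch

AclId = Union[int, str]


def acl_type(acl_id: AclId) -> str:
    """Classify an ACL ID as 'standard', 'extended' or 'named'.

    Numbered IDs follow the page's ranges. Strings are treated as names;
    an all-digit string is rejected (example's own conservative choice)
    so a mistyped number is not silently accepted as a name."""
    if isinstance(acl_id, int):
        if 1 <= acl_id <= 99:
            return "standard"
        if 100 <= acl_id <= 199:
            return "extended"
        raise ValueError(f"numbered ACL ID {acl_id} is outside 1-199")
    if isinstance(acl_id, str) and acl_id and not acl_id.isdigit():
        return "named"
    raise ValueError(f"invalid ACL ID {acl_id!r}")


def check_acl_plan(plan: Dict[AclId, int]) -> List[str]:
    """Return the problems found in {acl_id: entry_count}; empty means OK."""
    problems: List[str] = []
    total = 0
    for acl_id, count in plan.items():
        try:
            kind = acl_type(acl_id)
        except ValueError as err:
            problems.append(str(err))
            continue  # an invalid ACL cannot be programmed, so skip its count
        if count > MAX_ENTRIES_PER_ACL:
            problems.append(f"{kind} ACL {acl_id!r}: {count} entries exceeds "
                            f"per-ACL maximum {MAX_ENTRIES_PER_ACL}")
        total += count
    if total > MAX_ENTRIES_PER_SYSTEM:
        problems.append(f"total {total} entries exceeds system maximum "
                        f"{MAX_ENTRIES_PER_SYSTEM}")
    return problems


if __name__ == "__main__":
    # Constructed plan: one standard, one extended and one named ACL.
    for line in check_acl_plan({10: 1016, 120: 500, "mgmt-only": 20, 250: 1}):
        print(line)
```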
